author | Kjetil Orbekk <kj@orbekk.com> | 2025-03-01 14:34:25 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2025-03-01 14:34:25 -0500 |
commit | e603acd4828053fdfdaf245992322b8533f667d8 (patch) | |
tree | a7fa7fcf00e3f1bfdfc9f7e4fe442725cde3e915 /config | |
parent | f043102d16a32a845501eda0b536feebad72db4a (diff) |
Delete old config
Diffstat (limited to 'config')
-rw-r--r-- | config/acme-sh.nix | 3 | ||||
-rw-r--r-- | config/borg-backup.nix | 77 | ||||
-rw-r--r-- | config/keycloak.nix | 17 | ||||
-rw-r--r-- | config/mail-server.nix | 82 | ||||
-rw-r--r-- | config/matrix.nix | 40 | ||||
-rw-r--r-- | config/minecraft.nix | 17 | ||||
-rw-r--r-- | config/mpd.nix | 31 | ||||
-rw-r--r-- | config/postgresql.nix | 1 | ||||
-rw-r--r-- | config/pxe.nix | 11 | ||||
-rw-r--r-- | config/stats.nix | 48 | ||||
-rw-r--r-- | config/systemhttpd.nix | 21 | ||||
-rw-r--r-- | config/weechat.nix | 47 |
12 files changed, 0 insertions, 395 deletions
diff --git a/config/acme-sh.nix b/config/acme-sh.nix
deleted file mode 100644
index 95a6c4f..0000000
--- a/config/acme-sh.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ config, lib, pkgs, ... }:
-let acme-sh = pkgs.callPackage ../pkgs/acme-sh/default.nix { };
-in { environment.systemPackages = [ acme-sh ]; }
diff --git a/config/borg-backup.nix b/config/borg-backup.nix
deleted file mode 100644
index 188fd06..0000000
--- a/config/borg-backup.nix
+++ /dev/null
@@ -1,77 +0,0 @@ -# To initialize repo -# borg init --encryption=keyfile /staging/backup -# Key file also stored in pass -{ config, lib, pkgs, ... }: -let - repo = "/staging/backup"; - probe = rec { - path = "/storage/archive/backup-probe.txt"; - repo = "storage"; - repo_path = lib.removePrefix "/" path; - }; -in { - systemd.services.borg-backup = { - description = "Run backups."; - path = with pkgs; [ borgbackup rsync openssh ]; - startAt = "03:30"; - environment = { - BORG_KEY_FILE = "/opt/secret/borg-backup-keys/staging_backup"; - BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; - }; - script = '' - echo "Database backup" - ssh orbekk@raigh.orbekk.com sqlite3 /home/orbekk/linoquotes.sqlite \".backup /home/orbekk/linoquotes-backup.sqlite\" - rsync -Hax orbekk@raigh.orbekk.com:linoquotes-backup.sqlite /storage/archive/linoquotes/ - - echo "Writing probe file at ${probe.path}" - # No need for atomic move, because the script terminates if this fails. - date +%s > "${probe.path}" - - echo "Creating backup" - borg create -v --stats \ - --compression lzma,6 \ - ${repo}::'storage-{now:%Y-%m-%dT%H:%M:%S}' \ - /storage - - borg create -v --stats \ - --compression lzma,6 \ - ${repo}::'{hostname}-{now:%Y-%m-%dT%H:%M:%S}' \ - /opt /home /var \ - --exclude /var/lib/lxd \ - --exclude /var/lib/nextcloud - - echo "Pruning old versions" - borg prune -v --list ${repo} --prefix 'storage-' \ - --keep-daily=7 --keep-weekly=4 --keep-monthly=6 - borg prune -v --list ${repo} --prefix '{hostname}-' \ - --keep-daily=7 --keep-weekly=4 --keep-monthly=6 - - echo "Synchronizing backup" - rsync --delete -Hax ${repo} root@orbekk.osl.trygveandre.net:/storage - echo "Success." 
- ''; - }; - - systemd.services.backup-prober = { - description = "Find latest backup probe timestamp."; - path = with pkgs; [ borgbackup rsync openssh sshfs moreutils ]; - startAt = "06:30"; - serviceConfig = { PrivateTmp = true; }; - environment = { - BORG_KEY_FILE = "/opt/secret/borg-backup-keys/staging_backup"; - BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; - }; - script = '' - mkdir -p "/tmp/mnt" - sshfs root@orbekk.osl.trygveandre.net:/storage "/tmp/mnt" - REPOSITORY="/tmp/mnt/backup" - - last_repo="$(borg list $REPOSITORY -P ${probe.repo} --last 1 --short)" - target="${config.orbekk.monitoring-server.textFileDir}/backup_probe.prom" - timestamp=$(borg extract --stdout $REPOSITORY::"$last_repo" "${probe.repo_path}") - echo "backup_probe_timestamp_seconds $timestamp" > "$target.next" - mv "$target.next" "$target" - echo Done - ''; - }; -} diff --git a/config/keycloak.nix b/config/keycloak.nix deleted file mode 100644 index 7209d8e..0000000 --- a/config/keycloak.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - age.secrets."dragon-keycloak.age".file = ../secrets/dragon-keycloak.age; - services.postgresql.enable = true; - services.keycloak = { - enable = true; - settings.hostname = "auth.orbekk.com"; - settings.log-level = "INFO"; - settings.http-port = - (import ../data/aliases.nix).services.keycloak.http-port; - settings.hostname-strict-https = false; - settings.proxy = "edge"; - database.type = "postgresql"; - database.passwordFile = config.age.secrets."dragon-keycloak.age".path; - }; -} diff --git a/config/mail-server.nix b/config/mail-server.nix deleted file mode 100644 index fd363fb..0000000 --- a/config/mail-server.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ config, lib, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 25 465 587 ]; - services.dovecot2 = { - enable = true; - sslServerCert = "/var/lib/acme/shape.orbekk.com/fullchain.pem"; - sslServerKey = "/var/lib/acme/shape.orbekk.com/key.pem"; - enablePAM = false; - extraConfig = '' - passdb { - driver = passwd-file - args = username_format=%n /opt/secret/dovecot-passwd - } - userdb { - driver = passwd-file - args = username_format=%n /opt/secret/dovecot-passwd - } - mail_debug = yes - service auth { - unix_listener auth-client-postfix { - group = postfix - mode = 0660 - user = postfix - } - user = root - } - ''; - }; - - services.postfix = { - enable = true; - - hostname = "shape"; - domain = "orbekk.com"; - destination = - [ "orbekk.com" "kj.orbekk.com" "orbekk.no" "kj.orbekk.no" "kufieta.net" ]; - - relayHost = "smtp.gmail.com"; - relayPort = 587; - - enableSubmission = true; - submissionOptions = { - "smtpd_tls_security_level" = "encrypt"; - "smtpd_sasl_auth_enable" = "yes"; - "smtpd_sasl_type" = "dovecot"; - "smtpd_sasl_path" = "/var/run/dovecot2/auth-client-postfix"; - "smtpd_client_restrictions" = "permit_sasl_authenticated,reject"; - "milter_macro_daemon_name" = "ORIGINATING"; - }; - - extraConfig = '' - smtp_tls_security_level = encrypt - smtp_sasl_auth_enable = yes - smtp_sasl_password_maps = hash:/opt/secret/postfix-sasl-passwd - header_size_limit = 4096000 - smtp_sasl_security_options = noanonymous - ''; - - extraAliases = let - erik = "erikorbekk@gmail.com"; - kjetil = "kjetil.orbekk@gmail.com"; - lise = "lise.orbekk@gmail.com"; - katharina = "katharina.kufieta@gmail.com"; - in '' - eo: ${erik} - erik: ${erik} - orbekk: ${kjetil} - k: ${kjetil} - kj: ${kjetil} - kjetil: ${kjetil} - root: ${kjetil} - postmaster: ${kjetil} - katharina: ${katharina} - kathi: ${katharina} - kasiunia: ${katharina} - kat: ${katharina} - lise: ${lise} - ''; - sslCert = "/var/lib/acme/shape.orbekk.com/fullchain.pem"; - sslCACert = 
"/var/lib/acme/shape.orbekk.com/fullchain.pem"; - sslKey = "/var/lib/acme/shape.orbekk.com/key.pem"; - }; -} diff --git a/config/matrix.nix b/config/matrix.nix deleted file mode 100644 index 8747d62..0000000 --- a/config/matrix.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: -let - matrixPort = (import ../data/aliases.nix).services.matrix.port; - matrixFederationPort = - (import ../data/aliases.nix).services.matrixFederation.port; -in { - networking.firewall.allowedTCPPorts = [ matrixPort matrixFederationPort ]; - - services.matrix-synapse = { - enable = true; - server_name = "orbekk.com"; - # registration_shared_secret = "disable_after_registration"; - listeners = [ - { - port = matrixPort; - bind_address = ""; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - names = [ "client" "webclient" ]; - compress = true; - } - # { names = ["federation"]; compress = false; } - ]; - } - { - port = matrixFederationPort; - bind_address = ""; - type = "http"; - tls = true; - x_forwarded = false; - resources = [{ - names = [ "federation" ]; - compress = false; - }]; - } - ]; - }; -} diff --git a/config/minecraft.nix b/config/minecraft.nix deleted file mode 100644 index 9aa7720..0000000 --- a/config/minecraft.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: -let - minecraft-port = 25565; - allowedAddresses = [ "108.30.16.212" "24.193.7.0/24" ]; -in { - networking.firewall.extraCommands = lib.concatMapStrings (addr: '' - iptables -A nixos-fw -p tcp \ - --dport ${toString minecraft-port} \ - -s ${addr} \ - -j nixos-fw-accept - '') allowedAddresses; - services.minecraft-server = { - eula = true; - enable = true; - dataDir = "/storage/srv/minecraft/annie"; - }; -} diff --git a/config/mpd.nix b/config/mpd.nix deleted file mode 100644 index a9dcee0..0000000 --- a/config/mpd.nix +++ /dev/null 
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- mpdport = (import ../data/aliases.nix).services.mpd.port;
- mpdwebport = (import ../data/aliases.nix).services.mpdweb.port;
-in {
- networking.firewall.allowedTCPPorts = [ mpdport mpdwebport ];
-
- services.ympd = {
- enable = true;
- webPort = toString mpdwebport;
- };
-
- services.mpd = {
- enable = true;
- musicDirectory = "/storage/music";
- extraConfig = ''
- audio_output {
- type "httpd"
- name "KJ mpd stream"
- encoder "lame"
- port "${toString mpdport}"
- quality "0" # do not define if bitrate is defined
- #bitrate "128" # do not define if quality is defined
- format "44100:16:1"
- always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
- tags "yes" # httpd supports sending tags to listening streams.
- audio_buffer_size "8192"
- }
- '';
- };
-}
diff --git a/config/postgresql.nix b/config/postgresql.nix
deleted file mode 100644
index 5d4aa7d..0000000
--- a/config/postgresql.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ config, lib, pkgs, ... }: { services.postgresql.enable = true; }
diff --git a/config/pxe.nix b/config/pxe.nix
deleted file mode 100644
index ad90e0c..0000000
--- a/config/pxe.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }: {
- services.dnsmasq = {
- extraConfig = ''
- enable-tftp
- tftp-root=${pkgs.ipxe}
- dhcp-userclass=set:ipxe,iPXE
- dhcp-boot=tag:!ipxe,undionly.kpxe
- dhcp-boot=http://boot.ipxe.org/demo/boot.php
- '';
- };
-}
diff --git a/config/stats.nix b/config/stats.nix
deleted file mode 100644
index d30f426..0000000
--- a/config/stats.nix
+++ /dev/null
@@ -1,48 +0,0 @@ -{ config, lib, pkgs, ... }: -let - home = (import ../data/aliases.nix).services.stats.home; - stats-pkg = "/opt/site/stats"; -in -{ - services.postgresql = { - enable = true; - extraConfig = '' - track_commit_timestamp = on - ''; - }; - - systemd.services.stats-init = { - wantedBy = ["multi-user.target"]; - requires = ["postgresql.service"]; - after = ["postgresql.service"]; - script = '' - if [[ ! -e ${home}/.db-created ]]; then - ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createuser stats - ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O stats stats - touch ${home}/.db-created - fi - - ${pkgs.sudo}/bin/sudo -u stats ${stats-pkg}/result/bin/stats --db postgresql://stats:stats@localhost/stats init - ''; - }; - - # systemd.services.stats-currency-fetch = { - # environment = { RUST_LOG = "stats=info"; }; - # serviceConfig.ExecStart = "${stats-pkg}/target/debug/stats --db postgresql://orbekk:orbekk@localhost/stats currency"; - # }; - # systemd.timers.stats-currency-fetch = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "5m"; - # OnUnitInactiveSec = "5m"; - # }; - # }; - # - # systemd.services.stats-currency-dash = { - # path = [ pkgs.nix ]; - # wantedBy = ["multi-user.target"]; - # serviceConfig.ExecStart = "${stats-pkg}/R/dashboard.sh"; - # requires = ["stats-currency-fetch.service"]; - # after = ["stats-currency-fetch.service"]; - #}; -}
\ No newline at end of file
diff --git a/config/systemhttpd.nix b/config/systemhttpd.nix
deleted file mode 100644
index 3dcdb92..0000000
--- a/config/systemhttpd.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ configs, lib, pkgs, ... }:
-let
- port = (import ../data/aliases.nix).services.systemhttpd.port;
-in
-{
- systemd.services.systemhttpd = {
- description = "Web frontend for systemd";
- after = [ "networking.target" ];
- wantedBy = [ "multi-user.target" ];
- environment = {
- RUST_BACKTRACE = "1";
- RUST_LOG = "error,systemhttp=info,main=info";
- };
- serviceConfig = {
- ExecStart = "${pkgs.systemhttpd}/bin/systemhttpd --port ${toString port} " +
- "--db_file /var/lib/systemhttpd/db.sqlite " +
- "--base_url https://kj.orbekk.com/systemd/ serve";
- User = "root";
- };
- };
-}
diff --git a/config/weechat.nix b/config/weechat.nix
deleted file mode 100644
index d90272c..0000000
--- a/config/weechat.nix
+++ /dev/null
@@ -1,47 +0,0 @@ -{ config, pkgs, ... }: -{ - # nixpkgs.config.packageOverrides = pkgs: { - # weechat = pkgs.weechat.override { - # extraBuildInputs = with pkgs; [ - # pythonPackages.potr - # ]; - # }; - # }; - - systemd.services = { - weechat = { - description = "weechat session"; - path = [ pkgs.weechat pkgs.tmux pkgs.coreutils ]; - after = [ "networking.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = { - LANG = "en_US.utf8"; - LC_ALL = "en_US.utf8"; - TERM = "${pkgs.rxvt_unicode.terminfo}"; - }; - serviceConfig = { - Type = "oneshot"; - User = "orbekk"; - RemainAfterExit = true; - Environment = "TMUX_TMPDIR=/run/user/1000"; - }; - - script = '' - mkdir -p /run/user/1000 - tmux -2 new-session -d -s irc "${pkgs.weechat}/bin/weechat" - ''; - - preStop = '' - # Gently shut down weechat. - # -xf is needed to kill precisely weechat (and not this script). - pkill -SIGTERM -xf "${pkgs.weechat}/bin/weechat" - for i in {1..10}; do - echo "Waiting for weechat to stop" - pgrep -xlf "${pkgs.weechat}/bin/weechat" || break - sleep 1 - done - tmux kill-session -t irc || true - ''; - }; - }; -} |